Shelan Faith has an internet-enabled home "security" system from Vivint Home Security; it includes cameras that spy on the interior and exterior of her home, as well as sensors that report on things like when her doors and garage are open or closed.
Last week, a stranger mailed Faith a letter to inform her that they, the stranger, had full access to the AV and telemetry from her home; they were also Vivint Home Security customers and Vivint was leaking their data.
The stranger had spoken to Vivint, but the company had failed to address the problem. When Faith contacted the company about the letter, they initially refused to believe her. They told her she'd owe them thousands of dollars if she canceled her contract. The company now says the issue's been resolved and "we are updating our processes to make sure it can't happen again."
Vivint said the same thing in 2012, when another customer tried to cancel his service because his feeds were being exposed to other customers. Vivint also tried to charge that customer thousands to get out of his contract.
The spokesperson told CBC News the security system requires an email invitation to connect, but a technician used their own email account to connect the system for a customer who did not have an email account.
They said the two systems were accidentally connected when the technician went to the next installation.
The spokesperson said the technician felt "terrible" about the incident.
'I'm looking out your front door': Stranger had access to homeowner's security cameras [Alicia Bridges/CBC]